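<?php
// Session configuration. Must run before session_start() (called further down
// in this file) or none of these ini_set() calls take effect.
// The save path is relative to the working directory; it must exist, be writable
// by the web server, and sit outside the document root.
session_save_path('_/directory/session');
// 48 hours. NOTE(review): the previous comment said "24 hours" while the value is
// 48*60*60 — confirm which lifetime is intended and keep comment and value aligned.
ini_set('session.gc_maxlifetime', 48*60*60);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
// NOTE(review): with cookie_secure FALSE the session cookie is sent over plain
// HTTP and can be sniffed on the wire. Flip this to TRUE as soon as the site is
// served exclusively over HTTPS.
ini_set('session.cookie_secure', FALSE);
// Keep the session cookie out of document.cookie so an XSS cannot lift it.
ini_set('session.cookie_httponly', TRUE);
ini_set('session.use_only_cookies', TRUE);
// Refuse caller-supplied session ids that the server did not issue (fixation).
// Silently ignored on PHP < 5.5.2, where the option does not exist.
ini_set('session.use_strict_mode', TRUE);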
//------------------------------------------------------------------------------------------//
//--                                         P H P                                        --// 
//------------------------------------------------------------------------------------------//
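$title="Login";
//---> Include
// Provides the mysql link ($con) and $system_name used below (not shown here).
require_once("dbconnect.php");

//---> Login
	// Start the session before anything in $_SESSION is read.
	if( !isset($_SESSION) ) { session_start(); }
	// Post-login destination. A ?redirect= parameter used to be honoured here;
	// that is an open redirect (any attacker-chosen URL after a valid login), so
	// the target is deliberately fixed.
	$uri = 'index.php'; 
	// Already authenticated: send the visitor into the app. `exit` is required —
	// header() does not stop execution, so without it the rest of this page,
	// including the login handler, still runs.
	// NOTE(review): nothing in this file sets $_SESSION['login'] (the assignments
	// in the handler below are commented out; it sets 'user_id' and 'checker'
	// instead), so unless another page sets it this guard never fires — confirm
	// and align the key.
	if( !empty($_SESSION['login']) ) { header("Location: ".$uri); exit; }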
	
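	// --- helpers -------------------------------------------------------------
	// Abort on a failed query without echoing driver error text to the browser
	// (mysql_error() reveals table and column names); keep the detail in the
	// server log instead.
	if(!function_exists('login_db_fail')){
		function login_db_fail($context){
			error_log('login.php: '.$context.': '.mysql_error());
			die('A database error occurred. Please try again later.');
		}
	}
	// Hex string of $bytes random bytes from a CSPRNG. Deliberately refuses to
	// fall back to rand()/mt_rand(), which are predictable and must never be the
	// source of a secret.
	if(!function_exists('login_random_token')){
		function login_random_token($bytes){
			if(function_exists('random_bytes')){
				return bin2hex(random_bytes($bytes));
			}
			if(function_exists('openssl_random_pseudo_bytes')){
				$strong = false;
				$buf = openssl_random_pseudo_bytes($bytes, $strong);
				if($buf !== false && $strong){ return bin2hex($buf); }
			}
			die('No secure random source is available on this server.');
		}
	}

	// --- request dispatch ----------------------------------------------------
	// 1) username + password posted -> authenticate (admin table first, then clients)
	// 2) btnSubmit posted           -> password-reset request by e-mail
	// 3) anything else              -> render the login page
	//
	// NOTE(review): neither form carries a CSRF token, so a third-party page can
	// submit a login or a reset request on a visitor's behalf. The fix is a
	// per-session token in both forms, checked here; not done in this pass
	// because other pages may also POST to this handler.
	if(isset($_POST['username']) && !empty($_POST['username']) AND isset($_POST['password']) && !empty($_POST['password'])){
		// Read the same source the guard above checked; $_REQUEST also honours
		// GET and cookie values and would let them override the posted name.
		$login = mysql_real_escape_string($_POST['username']);
		// NOTE(review): the stored credential is an unsalted MD5 of the password,
		// which is reversible with precomputed tables. Migrating to
		// password_hash()/password_verify() needs a wider password column plus a
		// re-hash on next login, so it is only flagged here.
		$password = mysql_real_escape_string(md5($_POST['password']));

		$search1 = mysql_query("SELECT * FROM admin WHERE (username='".$login."' OR email='".$login."') AND password='".$password."' AND active='1'") or login_db_fail('admin lookup');
		if(mysql_num_rows($search1) > 0){
			// Fetch only once a row is known to exist; indexing a false result
			// used to raise notices on every failed admin lookup.
			$row = mysql_fetch_array($search1);
			// Issue a new session id on every privilege change (session fixation).
			session_regenerate_id(true);
			$_SESSION['user_id'] = $row['admin_id'];
			$_SESSION['username'] = $row['name'];
			$_SESSION['level'] = $row['level'];
			$_SESSION['adminbrreg'] = $row['branch_id'];
			$_SESSION['checker'] = 1;
			mysql_close();
			header("Location: ".$uri);
			exit; // header() does not stop execution; nothing below may run now
		}

		$search2 = mysql_query("SELECT * FROM clients WHERE (cusid='".$login."' OR cusemail='".$login."') AND password='".$password."' AND active='1'") or login_db_fail('client lookup');
		if(mysql_num_rows($search2) > 0){
			$row = mysql_fetch_array($search2);
			date_default_timezone_set('Asia/Manila');
			$ClientDate=date("Y-m-d");
			$ClientTime=date("h:i:s A");

			// Stamp the last login. The original ran this UPDATE twice (a
			// brace-less `elseif(mysql_query(...))` re-executed it); once is enough.
			$sql_client = "UPDATE clients SET logdate='$ClientDate', logtime='$ClientTime' WHERE (cusid='".$login."' OR cusemail='".$login."') ";
			if(!mysql_query($sql_client,$con)){ login_db_fail('client login stamp'); }

			session_regenerate_id(true);
			$_SESSION['user_id'] = $row['cusid'];
			$_SESSION['username'] = $row['cusfname'].' '.$row['cuslname'];
			$_SESSION['level'] = 0;
			mysql_close();

			// Incomplete profiles are pushed to ProfileEdit.php via a client-side
			// alert (static markup, no user data interpolated); complete ones go
			// straight to $uri.
			if($row['cusfname']=="" || $row['cuslname']==""){
				echo "<script type='text/javascript'>alert(\"The system detected that you have incomplete profile information... you will be redirected to your Profile page now... \"); window.location=\"ProfileEdit.php\";</script>";
			}
			elseif($row['cusmob']=="" || $row['cusmob']=="0"){
				echo "<script type='text/javascript'>alert(\"The system detected that you don't have mobile number... you will be redirected to your Profile page now... \"); window.location=\"ProfileEdit.php\";</script>";
			}
			else{					
				header("Location: ".$uri);
			}
			exit;
		}

		// One message for unknown user and wrong password: do not confirm accounts.
		$_SESSION['msg'] = "<span class=\"alert\"><center>INVALID EMAIL or PASSWORD!</center></span>";
		mysql_close();
		header("Location: login.php");
		exit;
	}elseif(isset($_POST['btnSubmit'])){
		$email = isset($_POST['email']) ? trim($_POST['email']) : '';
		// Accept only a single well-formed address. The value is interpolated
		// into SQL below and handed to mail() as the recipient, where an embedded
		// CR/LF would inject extra headers or recipients.
		if(filter_var($email, FILTER_VALIDATE_EMAIL) === false){
			$_SESSION['msg'] = "<span class=\"alert\"><center>INVALID EMAIL or EMAIL does not exist!</center></span>";
			mysql_close();
			header("Location: login.php");
			exit;
		}
		// Escaped copy for SQL; the original interpolated $_POST['email'] raw.
		$safe_email = mysql_real_escape_string($email);
		$search3 = mysql_query("SELECT cusemail FROM clients WHERE cusemail='$safe_email'") or login_db_fail('reset lookup');
		if(mysql_num_rows($search3) > 0){
			// Return Success - Valid Email
			$_SESSION['msg'] = 'Your password request has been made, <br /> please verify it by clicking the confirmation link that has been sent to your email.';

			// The old token was md5(rand(0,1000)): only 1001 possible values, so
			// any account could be reset by trying them all. 16 CSPRNG bytes give
			// the same 32-hex-char width with 128 bits of entropy.
			// NOTE(review): the token never expires and is not cleared here;
			// resetpass.php (not shown) should compare it with hash_equals() and
			// invalidate it after one use.
			$hash = login_random_token(16);

			mysql_query("UPDATE clients SET hash='$hash' WHERE cusemail='$safe_email'") or login_db_fail('reset token store');

			$to      = $email; // validated above, so it cannot carry header lines
			$subject = 'Lay Bare On-line Reset Password | Verification'; //// Give the email a subject 
			// rawurlencode keeps '+' and other query-significant characters in the
			// address intact when resetpass.php reads it back from $_GET.
			$message = '

Please click this link or copy & paste into your address bar to confirm your password reset request:
http://www.lay-bare.com/system/resetpass.php?email='.rawurlencode($email).'&hash='.$hash.'

					'; // Our message above including the link

			$headers = 'From:noreply@lay-bare.com' . "\r\n"; // Set from headers
			mail($to, $subject, $message, $headers); // Send the email
			mysql_close();
			header("Location: login.php");
			exit;
		}
		// NOTE(review): this message confirms whether an address is registered
		// (account enumeration). Neutral wording ("if that address exists, a mail
		// was sent") is preferable; left unchanged here as it is user-facing copy.
		$_SESSION['msg'] = "<span class=\"alert\"><center>INVALID EMAIL or EMAIL does not exist!</center></span>";
		mysql_close();
		header("Location: login.php");
		exit;
	}else{ ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!------------------------------------------------------------------------------------------>
<!--                                         H T M L                                      -->
<!------------------------------------------------------------------------------------------>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<meta name="Author" content="FRANCIS SAN PABLO CRISOSTOMO - Senior Web Developer" />
<meta name="Description" content="LAY BARE Waxing Salon - We are the first ever unwanted hair removal specialist in the Philippines. We provide eyebrow threading and body waxing services using cold sugar wax only. No more strips! No more hot wax! Just plain, comfortable, hair removal at a price you can definitely afford." />
	<title><?php echo $system_name.' | '.$title ?></title>
<!-- Google Font and style definitions (loaded over https to avoid mixed content once the site is on TLS) -->
	<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=PT+Sans:regular,bold">
	<link rel="stylesheet" href="css/style.css">
	
	<!-- include the skins (change to dark if you like) -->
	<link rel="stylesheet" href="css/light/theme.css" id="themestyle">
	<!-- <link rel="stylesheet" href="css/dark/theme.css" id="themestyle"> -->
	
	<!--[if lt IE 9]>
	<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
	<link rel="stylesheet" href="css/ie.css">
	<![endif]-->
  <!-- BEGIN JAVASCRIPTS -->
  <script src="js/jquery-1.9.1.min.js"></script>
  <script src="js/app.js"></script>
  <script>
    jQuery(document).ready(function() {     
      App.initLogin();
    });
  </script>
  <!-- END JAVASCRIPTS -->		
</head> 
<body id="login">
		<header>
			<div class="header" style="color:#fff;text-align:right; text">
				<!-- title and description -->	
				<h2 style="padding:10px;">Login Form</h2>
				<p style="padding-right:10px;">Please enter your Username <br>and Password to login</p>
			</div>
		</header> 
		<section id="content">
			<form method="post" id="loginform" class="login-form">
			<center>
				<fieldset>
					<section>
						<label for="username">Username or Email Address:</label>
						<div><input id="username" name="username" type="text"></div>
					</section>
					
					<section>
						<label for="password">Password:</label>
						<div><input id="password" name="password" type="password"></div>
					</section>
					
					<button type="submit" name="btnLogin">Log in</button>
					<section>
					<?php
						// One-shot status message set by the handler above (static,
						// trusted markup — keep it that way; never put user input in it).
						// Otherwise, show the session-expired notice when the caller
						// arrived via ?expired=true. Debug assignments that previously
						// forced $_GET['expired'] to false (making this branch
						// unreachable) have been removed.
						if( !empty($_SESSION['msg']) ){
							echo $_SESSION['msg'];
							unset($_SESSION['msg']);
						}elseif( isset($_GET['expired']) && $_GET['expired'] == 'true' ){
							print  "<p><span  style=\"color: red; font-weight: bold\">You have been logged out or your session expired.</span><br>Log in to restart session.</p>";
						}
					?>
					</section>
					<section>
						 <div class="forget-password">
							<h4>Forgot your password ?</h4>
							<p>
							  no worries, click <a href="javascript:;" class="" id="forget-password">HERE</a>
							  to reset your password.
							</p>
						  </div>
						<h5><a href="signup.php">Click Here to Sign Up</a></h5>
					</section>
				</fieldset>
			</center>
			</form>
			<!-- END LOGIN FORM -->        
			<!-- BEGIN FORGOT PASSWORD FORM -->
			<form class="forget-form" style="display: none" method="post" id="forget-form">
			<center>
			  <h3 class="">Forget Password ?</h3>
			  <p>Enter your e-mail address below to reset your password.</p>
				<fieldset>
					<section>
						<input class="m-wrap" type="text" placeholder="Email" name="email" />
					</section>
					<section>
						<a href="javascript:;" id="back-btn" class="btn">Back</a>
						<button type="submit" name="btnSubmit">Submit</button>           
					</section>
				</fieldset>
			</center>
			</form>
			<!-- END FORGOT PASSWORD FORM -->
		</section>
		<!-- The debug hidden input that echoed $_SESSION['checker'] state into the
		     page, and the commented-out phpinfo() call, were removed: they disclosed
		     server/session state to anyone viewing the source. -->
</body>
</html>
<?php } ?>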